/*
 * Copyright (c) 2023, 2024,yzc.cn All rights reserved.
 *
 */
package com.by.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

/**
 * <p>Project: erp-cloud-api - SecurityConfig</p>
 * <p>Powered by yzc On 2024-01-22 19:52:35</p>
 * <p>描述：<p>
 *
 * @author yzc [youzhicheng0415@163.com]
 * @version 1.0
 * @since 17
 */
@Configuration
public class SecurityConfig {
    /**
     * 向容器注册 安全过滤器实例 在这里可以配置自己的过滤器
     *
     * http.formLogin()
     *                 .loginPage("") //自己的登录界面
     *                 .usernameParameter("username") //登录页面用户名的参数名
     *                 .passwordParameter("password"); //登录页面密码的参数名
     * @param http
     * @return
     * @throws Exception
     */

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests() //授权请求
                .regexMatchers("/pur/user/login").permitAll()//允许登录接口在没有授权的前景下 访问
                .antMatchers("/doc.html","/swagger-resources/**","/v2/api-docs/**","/webjars/**","/pur/user/login").anonymous()
                //指定的路劲运行匿名访问
                .antMatchers("/v1/pur/**").hasRole("puruser")//允许拥有puruser这个角色的 用户访问/pur开头的资源
                .anyRequest() //除了上面的请求 以外的所有任意请求
                .authenticated(); //授权 后才能访问

        return http.build();
    }
}
